| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| modoboa | pip | < 2.2.2 | 2.2.2 |
The vulnerability stemmed from two issues:

1. The `dologout` view did not restrict itself to POST requests, so a logout could be triggered by a plain GET; the patch adds `@require_http_methods(["POST"])` to the view.
2. The `user_menu` template tag generated the logout link as a GET request with no CSRF protection; the patch passes `'method': 'post'` and switches the template to `render_post_link`, so the logout is submitted as a CSRF-protected POST form instead of a bare link.

Together, these allowed cross-site request forgery: a single crafted request from a malicious page could log a user out of modoboa without their consent.
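The fix pattern described above, as an added example that is not modoboa's or Django's own code: a framework-free model of the two controls the patch introduces (a method restriction on the view and a CSRF token check on the POST body) next to the unprotected "before" shape, plus a `render_post_link`-style helper that emits a token-bearing form instead of a GET anchor. The `Request` class, the decorator names, the `csrftoken` cookie and `csrfmiddlewaretoken` field names are illustrative assumptions modelled on Django's conventions, not modoboa's internals.

```python
import hmac
import html
from dataclasses import dataclass, field

# Minimal stand-in for a web framework request object (constructed for this example).
@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    post: dict = field(default_factory=dict)
    session: dict = field(default_factory=dict)

def require_http_methods(allowed):
    """Reject any request whose method is not in `allowed` (models the decorator added by the patch)."""
    def decorator(view):
        def wrapper(request):
            if request.method not in allowed:
                return (405, "method not allowed")
            return view(request)
        return wrapper
    return decorator

def csrf_protect(view):
    """Double-submit check: the token in the POST body must match the token in the cookie."""
    def wrapper(request):
        if request.method in ("GET", "HEAD", "OPTIONS", "TRACE"):
            return view(request)  # safe methods are not checked
        cookie = request.cookies.get("csrftoken", "")
        posted = request.post.get("csrfmiddlewaretoken", "")
        if not cookie or not hmac.compare_digest(cookie, posted):
            return (403, "CSRF verification failed")
        return view(request)
    return wrapper

def dologout_vulnerable(request):
    """Pre-fix shape: any request, including a GET from a foreign page, ends the session."""
    request.session.clear()
    return (302, "/login")

@require_http_methods(["POST"])
@csrf_protect
def dologout_fixed(request):
    """Post-fix shape: only a POST carrying a valid CSRF token may end the session."""
    request.session.clear()
    return (302, "/login")

def render_get_link(url, label):
    """Old menu rendering: a plain anchor, i.e. a GET the browser will follow."""
    return f'<a href="{html.escape(url)}">{html.escape(label)}</a>'

def render_post_link(url, label, csrf_token):
    """New menu rendering: a POST form carrying the CSRF token."""
    return (
        f'<form method="post" action="{html.escape(url)}">'
        f'<input type="hidden" name="csrfmiddlewaretoken" value="{html.escape(csrf_token)}">'
        f'<button type="submit">{html.escape(label)}</button></form>'
    )

if __name__ == "__main__":
    token = "constructed-token-0123"  # constructed sample value
    forged_get = Request("GET", session={"user": "alice"})
    print(dologout_vulnerable(forged_get), forged_get.session)   # (302, '/login') {}
    forged_get = Request("GET", session={"user": "alice"})
    print(dologout_fixed(forged_get), forged_get.session)        # (405, ...) session intact
    genuine = Request("POST", cookies={"csrftoken": token},
                      post={"csrfmiddlewaretoken": token}, session={"user": "alice"})
    print(dologout_fixed(genuine), genuine.session)              # (302, '/login') {}
    print(render_post_link("/accounts/logout/", "Logout", token))
```

The important ordering is that `require_http_methods` wraps `csrf_protect`: a GET is refused outright with 405 before any token logic runs, and a cross-site POST (which cannot read the victim's cookie to copy the token) fails the constant-time comparison with 403.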